Cross-Origin Opener Policy Vulnerability in pgAdmin by pgAdmin Group
CVE-2025-9636

7.9HIGH

Key Information:

Vendor

Pgadmin.org

Status
Pgadmin 4
Vendor
CVE Published:
4 September 2025

What is CVE-2025-9636?

pgAdmin versions up to 9.7 exhibit a security vulnerability related to the Cross-Origin Opener Policy (COOP). This vulnerability allows attackers to exploit the OAuth authentication flow, potentially granting them unauthorized access to user accounts, enabling account hijacking, leading to data breaches, and permitting privilege escalation. Users of pgAdmin are advised to review their security settings and apply necessary mitigations to protect against these risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

pgAdmin 4 0

References

https://github.com/pgadmin-org/pgadmin4/issues/9114
issue-tracking

CVSS V3.1

Score:
7.9
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.